The Vulnerability Management Specialist is an advanced, hands-on practitioner and representative of the cyber security defense team. The role is technical, and candidates must possess a solid understanding of information security and preferably have held positions in cyber security and systems administration. The role also requires an understanding of business and governance processes. Vulnerability management analysts are responsible for the overall management lifecycle of the program. They must understand applications, operating systems, networking, cloud infrastructure and basic attacker tactics, techniques and procedures (TTPs). Additionally, analysts are expected to maintain a high level of rigor to stay up to date with advancements in technology, while also retaining knowledge of older systems and applications still in use.
Vulnerability Management Specialists understand that legacy and present-day systems and applications may have weaknesses that can be exploited by external threat actors and potentially lead to a breach. Given that vulnerability management and risk exposure extend across all technical systems enterprise-wide, responsibilities of this position include identifying assets and vulnerabilities, reporting, remediation and continuous assessment. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy.
Vulnerability Management Specialists are expected to manage strategic initiatives for short- as well as long-term plans to identify and reduce the attack surface across applications and systems. Use of automated tools to identify, assess and report is expected, with emphasis placed on effective communication to constituents relying on applications and systems that support their business. Vulnerability management analysts take an active lead to inform, advise and partner with business units to help better secure their operations.
Principal Duties and Responsibilities:
- Manage and independently detect, prioritize, and remediate identified vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
- Conduct continuous independent discovery and vulnerability scans/security assessments of enterprise-wide assets, and proactive control testing.
- Document, prioritize, and formally report asset and vulnerability state, along with remediation recommendations and validation.
- Formalize a process for communicating vulnerability results and security patch releases in a manner understood by technical and non-technical business units, based on risk tolerance and threat to the business.
- Procure and maintain tools and scripts used in asset discovery and vulnerability status.
- Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.
- Work as a team to consistently learn and share advanced skills and foster team excellence.
- Actively collaborate with MSSP to develop, maintain, and enhance cyber security controls.
- Partner with senior leaders from lines of business organizations to triage security events and report on impacting security initiatives.
- Support and monitor patch management compliance across the infrastructure to align to audit requirements.
- Collaborate with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.
- Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
- Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk, implement/validate controls, and update procedures as necessary.
- Maintain an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
- Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise or information leakage.
- Periodically attend and participate in change management policy discussions and meetings.
- Report on KRI/KPI status and compliance monitoring activities.
- Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness.
- Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
- Possess a thorough understanding of the CIS Controls and how they are used to harden computers, databases, and network devices.
- Possess a thorough understanding of Group Policy Objects and how they are implemented and used to harden computers.
- Assist multiple teams on the implementation of configuration management for security hardening.
- Report on computers and devices that deviate from preapproved configuration management security standards.
- Contribute to the development of security policy and procedures.
- Identify vulnerabilities in the environment that must be addressed according to risk, age, and susceptibility, and provide best practice guidance on vulnerability assessments and remediation.
- Perform other duties as assigned.